Security attributes

{{< details >}}

• Tier: Ultimate
• Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

{{< history >}}

• Introduced in GitLab 18.5 with flags named security_context_labels and security_categories_and_attributes. Disabled by default. This feature was introduced in beta
• Enabled on GitLab.com, GitLab Self-Managed, and GitLab Dedicated in GitLab 18.6.
• Generally available in GitLab 18.9. Feature flag security_inventory_dashboard removed.

{{< /history >}}

Security teams can now apply metadata specific to their own organization and business needs to projects using security attributes.

Security attributes are organized by categories based on:

• Business impact
• Application
• Business unit
• Internet exposure
• Location

By applying these attributes across your projects, you can much more quickly identify which projects require action based on your own organizations risk posture and business needs. With security attributes, you can:

• Identify projects that are mission critical and require stronger scan coverage.
• Review scan coverage for each application or business unit.
• Locate projects that contribute to publicly accessible and exposed applications.

Track the development of the security inventory in epic 16939. Share your feedback as development continues on this feature.

Manage security attributes for groups

Prerequisites:

• You must have the Security Manager, Maintainer or Owner role in the top-level group (namespace) to manage security attributes.

To manage security attributes for a group:

1. In the top bar, select Search or go to and find your group.
2. Select Secure > Security configuration.

Manage security attributes for projects

Prerequisites:

• You must have the Security Manager, Maintainer or Owner role in the top-level group (namespace) to manage security attributes.

To manage security attributes for a project:

1. In the top bar, select Search or go to and find your project.
2. Select Secure > Security configuration.
3. Select the Security attributes tab.

Related topics

• Security inventory
• Security dashboard
• Vulnerability reports

Troubleshooting

When working with the security attributes, you might encounter the following issues.

Security configuration menu item missing

Users might not have the required permissions to access the Security configuration menu item even if they are a Security Manager, Maintainer or Owner in that group.

The menu item only displays for groups when the authenticated user has the Security Manager, Maintainer or Owner role in the top-level group (namespace) that contains the subgroup.

To manage security attributes, ask a maintainer to complete the configuration changes or request the Maintainer role from your administrator.